Chapter 3: Temperance

Chapter 3: Temperance

For people who plays CTF and wants to program some shit.

适合玩 CTF 并想编写一些程序的人。

levelx00

Codename: levelx00

Mission: On this mission you will receive an string and you should send the same string. The code to solve this level in Python can be found here.

Example:

HMV(Input): HMVLOVESYOU

Hacker(Output): HMVLOVESYOU

在这个关卡首先下载一个py程序,研究一下代码逻辑

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')	# 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx00') # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024) # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(data2)	# 处理后再发过去

    print('Recibo flag')
    data3 = s.recv(1024) # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

第一关的话直接执行代码就能获取到flag

levelx01

Codename: levelx01

Mission: This mission is similar to the previous one, but adding a minimum of complexity :) You will receive a string, you must return the same string and you will receive another string which you must also return.

本任务与前一个任务类似,但增加了最低限度的复杂性:)您将收到一个字符串,您必须返回相同的字符串,您还将收到另一个字符串,您也必须返回该字符串

Example:

HMV(Input): ImString1!

Hacker(Output): ImString1!

HMV(Input): ImString2!

Hacker(Output): ImString2!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx01')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(data2)  # 处理后再发过去

    data3 = s.recv(1024)  #接受信息
    print(data2)
    s.send(data3)  #发送data3数据
    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx02

Codename: levelx02

Mission: In this mission you will receive a string and you must return the same string but converted to uppercase.

在这个任务中,您将收到一个字符串,您必须返回相同的字符串,但要转换成大写字母。

Example:

HMV(Input): wegomakeittrue

Hacker(Output): WEGOMAKEITTRUE

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx02')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(data2.upper())  # 处理后再发过去,用upper()函数把所有的字母都转换为大写字母

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx03

Codename: levelx03

Mission: In this mission you will receive a string in base64, you must do the decode and return the result.

在此任务中,您将收到一个 base64 格式的字符串,您必须进行解码并返回结果。

Example:

HMV(Input): eW91bWFrZW1lY3J5Cg==

Hacker(Output): youmakemecry 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx03')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(base64.b64decode(data2))  # 处理后再发过去,对其解码之后再发送

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx04

Codename: levelx04

Mission: In this mission you will receive a string and you must return it in reverse.

在这个任务中,您将收到一个字符串,您必须将其反向返回。

Example:

HMV(Input): crazycrazycrazycrazy

Hacker(Output): yzarcyzarcyzarcyzarc

在这个关卡里面意思很明显就是把字符串的顺序颠倒一下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx04')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(data2[::-1])  # 处理后再发过去,用切片的方式是字符串反转

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx05

Codename: levelx05

Mission: In this mission you will receive a string and you must return the last 5 chars.

在这个任务中,您将收到一个字符串,您必须返回最后 5 个字符。

Example:

HMV(Input): IDKWhyimdoingthisshit

Hacker(Output): sshit

就是返回最后五个字符还是用切片就行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx05')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(data2[-5:])  # 处理后再发过去

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx06

Codename: levelx06

Mission: In this mission you will receive a string and you must return its length. (as string, not as int).

在这个任务中,您将收到一个字符串,您必须返回它的长度。 (字符串,而不是 int)。

Example:

HMV(Input): hehehewhf

Hacker(Output): 9

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx06')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    s.send(str(len(data2)).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx07

Codename: levelx07

Mission: In this mission you will receive a string in hexadecimal format, you must return it converted to ascii.

在此任务中,您将收到一个十六进制格式的字符串,您必须将其转换为 ascii 格式返回。

Example:

HMV(Input): 68374d4c68434872315843476e384d4e49787258336a376979

Hacker(Output): h7MLhCHr1XCGn8MNIxrX3j7iy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx07')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    data3 = bytes.fromhex(data2.decode()).decode()
    s.send(data3.encode())  # 处理后再发过去

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx08

Codename: levelx08

Mission: In this mission you will receive 2 numbers, you must return the result of adding both.

在这个任务中,您将收到两个数字,您必须返回两个数字相加的结果。

Example:

MV(Input): 45 77

Hacker(Output): 122

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx08')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)

    print('Envio reto')
    num = data2.split()
    result = (int(num[0]) + int(num[1]))
    print(result)
    s.send(str(result).encode())  # 处理后再发过去
    print()

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3)

levelx09

Codename: levelx09

Mission: In this mission you will receive a string encrypted with ROT13, you must decode it and return the result.

在这个任务中,您将收到一个用 ROT13 加密的字符串,您必须将其解码并返回结果。

Example:

MV(Input): ToaZRw5uyWrk4CaZ1tuKxYWR6

Hacker(Output): GbnMEj5hlJex4PnM1ghXkLJE6

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def rot13(sss):
    res = ""
    for char in sss:
        if 'A' <= char <= 'Z':
            res += chr((ord(char) - ord('A') + 13) % 26 + ord('A'))
        elif 'a' <= char <= 'z':
            res += chr((ord(char) - ord('a') + 13) % 26 + ord('a'))
        else:
            res += char
    return res

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data.decode('utf-8'))

    s.send(b'levelx09\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    challenge_sss = data2.decode('utf-8').strip()
    print(challenge_sss)

    print('Envio reto')
    solve_challenge = rot13(challenge_sss)
    s.sendall(solve_challenge.encode('utf-8')+b'\n')  # 处理后再发过去

    print('Recibo flag')
    data3 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data3.decode('utf-8'))

levelx10

Codename: levelx10

Mission: In this mission you will receive numbers separated by spaces, you must return them in order from smallest to largest and without separating them with spaces.

在这个任务中,您将收到用空格分隔的数字,您必须按照从小到大的顺序返回这些数字,并且不能用空格分隔。

Example:

HMV(Input): 80 37 67 41 31

Hacker(Output): 3137416780

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data.decode('utf-8'))

    s.send(b'levelx10')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = data3.replace(' ', ',')

    data3 = [int(x) for x in data3.split(',')]

    data3.sort()
    data4 = ""
    for i in data3:
        data4 += str(i)
    print(data4)

    print('Envio reto')
    s.send(str(data4).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data5 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data5.decode('utf-8'))

levelx11

Codename: levelx11

Mission: In this mission you will receive a string in Morse code, you must decode it and return it.

在这个任务中,您将收到一个摩尔斯电码字符串,您必须将其解码并返回。

Example:

HMV(Input): .– …- .-. –.. -… –.. … ..- …– …. ..— -.- … .– –… .– …. —.. -..- ..-. …. .. —-. .-. ….

Hacker(Output): WVRZBZSU3H2KSW7WH8XFHI9RH

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

CODE_TABLE = {
    # 26个字母
    '.-': 'A', '-...': 'B', '-.-.': 'C', '-..': 'D',
    '.': 'E', '..-.': 'F', '--.': 'G', '....': 'H',
    '..': 'I', '.---': 'J', '-.-': 'K', '.-..': 'L',
    '--': 'M', '-.': 'N', '---': 'O', '.--.': 'P',
    '--.-': 'Q', '.-.': 'R', '...': 'S', '-': 'T',
    '..-': 'U', '...-': 'V', '.--': 'W', '-..-': 'X',
    '-.--': 'Y', '--..': 'Z',
    # 10个数字
    '-----': '0', '.----': '1','..---': '2', '...--': '3',
    '....-': '4', '.....': '5','-....': '6', '--...': '7',
    '---..': '8', '----.': '9'
}


def morse(morse_code):
    morse_code_w = morse_code.split(' ')
    decoded_chars = [CODE_TABLE[code] for code in morse_code_w if code in CODE_TABLE]
    return ''.join(decoded_chars)


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx11')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = morse(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data5 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data5.decode('utf-8'))

levelx12

Codename: levelx12

Mission: In this mission you receive a string and a number, you must return the string repeated n number of times.

在这个任务中,您会收到一个字符串和一个数字,您必须返回重复 n 次的字符串。

Example:

HMV(Input): JwSIK 17

Hacker(Output): JwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIK

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx12')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = [x for x in data3.split(' ')]
    data3 = data3[0]*int(data3[1])
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx13

Codename: levelx13

Mission: In this mission you receive a list of strings, you must sort them alphabetically and return the last string in the list. The characters “[“ and “]” must be removed.

在此任务中,您将收到一个字符串列表,您必须按字母顺序对它们进行排序,并返回列表中的最后一个字符串。 必须删除字符”[“和”]”。

Example:

HMV(Input): [QJIFc brxkaCWxRDNRMjMDNQBcYPi wpzZBxlRMrvchppNmZcsSsqnSxQd nWxEVnDjUIWObjfZ gfsqzTsgfYYVjx wDeVgobCvrlaM cLFTLXrpnmSYsVaaTDnVArG dRbEsX KenQzY ZhDilcASluwhjcHlOrrX nPVXUIZELLdcm RsSrmYVHvonLJnv] Hacker(Output): wpzZBxlRMrvchppNmZcsSsqnSxQd

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def string(strings):
    strings = strings.strip("[]")  # 移除and字符
    clean_strings = [x for x in strings.split(' ')]
    sort_strings = sorted(clean_strings)  # 对字符串列表按字母排序
    return sort_strings[-1]  # 返回排列后列表中的最后一个字符串


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx13')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = string(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx14

Codename: levelx14

Mission: In this mission you receive a string and a character, you must return the number of times the character is repeated in the string.

在这个任务中,您会收到一个字符串和一个字符,您必须返回该字符在字符串中的重复次数。

Example:

HMV(Input): Kd5vfizCyqgwN2HlEWq2ZOMkaZmar7rmyCl0ssGf078aJ5J3FJKvLzijiqSbsK8ChhLZ1AI3GVhWnYXixY7J4q7KqKSA8t VYsQo0LHjjsGSyLHM9lwi8nVhQA7EUBFo1MJ2gPGo2Nywsz7qlq9C7cKC2xyTdVXVhciK6gMVgRdlOktkx5IMXcnHOSbsnagqDBM56CF87MBT2XMvUAPRbiEuZsMSIFGpFcNYAPOGD04def3j6a15xCVosZ9wLJI5cAk07aUxULniLYzWjCk64ZDsvisGlG2wqIFpMwnMG24T52yHCQlwYYRNrTsLsawZzcUfeutE00WRvcAPyRAYsJRXqaFX9m9teOIA1UqoZfLkRdur3pla6cJxYGl1hi1REClkarFwCFmOAflXN2BZL8mzzK9wixxsvqx7iCL5ky790pF74MRXt8t09z2zW20qJTLg2UiAvl1ZQ8uB7JhVojRFY4LdW8bS6rQQ4iQGJwyeAzkNaPzwlQIFLdgt9UhdXIstPo7TotSSG60g1ln9G6w1OPU K951lrGrKmrCKEUvoGyL3HkToZtkywcL0eYyrW1BrkPTs95TvoUhLjp5Es3mqE x

Hacker(Output): 9

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx14')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')

    data3 = [x for x in data3.split(' ')]
    data3 = data3[0].count(data3[1])
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx15

Codename: levelx15

Mission: In this mission you receive a series of numbers, you must return what the next number in the series would be.

在这个任务中,您会收到一串数字,您必须返回这串数字的下一个数字是什么。

Example:

HMV(Input): 59 140 221 302 383

Hacker(Output): 464

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
import socket
import base64

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx15')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')

    data3 = [x for x in data3.split(' ')]
    data3 = int(data3[-1]) + int(data3[1]) - int(data3[0])  # 利用等差数列知识  1,2,3,?  ?=3+2-1
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx16

Codename: levelx16

Mission: In this mission you receive a png encoded in base64, you must decode it and return the size in pixels of its width and height.

在此任务中,您将收到一个以 base64 编码的 png 文件,您必须对其进行解码并返回其宽度和高度的像素大小。

Example:

HMV(Input):iVBORw0KGgoAAAANSUhEUgAAADQAAABeCAYAAABsFzfXAAAAfUlEQVR4nOzPAQkAMBBFobH+oa/G46MN/G+MUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVC dUN1c6AIAAP//yOQAvaQI2KYAAAAASUVORK5CYII=

Hacker(Output): 52x94

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
import socket
import base64
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988

def image_size(image_base64):
    # 把图像解码为二进制数据
    image_data = base64.b64decode(image_base64)
    # 获取图片的宽和高
    with Image.open(BytesIO(image_data)) as img:
        width, height = img.size
    return width, height

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx16')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')

    data3 = image_size(data3)
    width, height = data3
    data3 = f'{width}x{height}'
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx17

Codename: levelx17

Mission: In this mission you receive a 1 pixel png encoded in base64, you must decode it and return the last RGBA value.

在此任务中,您将收到一个以 base64 编码的 1 像素 png,您必须对其进行解码并返回最后的 RGBA 值。

Example:

HMV(Input):iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAEUlEQVR4nGI6OPmFIiAAAP//Br0CYI/JSpAAAAAASUVORK5CYII=

Hacker(Output): 33

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import socket
import base64
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def image_size(image_base64):
    # 把图像解码为二进制数据
    image_data = base64.b64decode(image_base64)
    # 获取图片的宽和高
    with Image.open(BytesIO(image_data)) as img:
        pixels = img.load()
        width, height = img.size
        RGBA = pixels[width // 2, height // 2]
    return RGBA


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx17')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')

    data3 = image_size(data3)

    data3 = data3[-1]
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx18

Codename: levelx18

Mission: In this mission you receive a string and you must return the string converted to binary.

在这个任务中,您会收到一个字符串,您必须将字符串转换成二进制返回。

Example:

HMV(Input): gEmcaIqBNT1z7ikGg1y0RlWZ4ApGvzmOrMBNtHQuycspIMoWDk

Hacker(Output): 0110011101000101011011010110001101100001010010010111000101000010010011100101010000 110001011110100011011101101001011010110100011101100111001100010111100100110000010100100110110001010 111010110100011010001000001011100000100011101110110011110100110110101001111011100100100110101000010 010011100111010001001000010100010111010101111001011000110111001101110000010010010100110101101111010 101110100010001101011

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
import binascii
import socket
import base64
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988

def str_to_bin(strs):
    bin_str = ''.join(format(ord(char), '08b') for char in strs)
    return bin_str

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx18\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    #data3 = data2.decode('utf-8')
    data3 = str_to_bin(data2.decode("utf-8"))
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx19

Codename: levelx19

Mission: In this mission you will receive a zip file encoded in base64, the zip file contains a .txt file which contains a string inside. You should return the string inside the .txt file.

在此任务中,您将收到一个以 base64 编码的 zip 文件,该 zip 文件包含一个 .txt 文件,其中包含一个字符串。 您应返回 .txt 文件中的字符串。

Example:

HMV(Input): UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAHAAAASE1WLnR4dKpMCg7NTk5yC6+qCnANyckzt0j1Mwp2KgpK9kg1yw4K8TLNdPPPzjExqKzMyQlNLTfLAgQAAP//UEsHCMc6NsY4AAAAMgAAAFBLAQIUABQACAAIAAAAAADHOjbGOAAAADIAAAAHAAAAAAAAAAAAAAAAAAAAAABITVYudHh0UEsFBgAAAAABAAEANQAAAG0AAAAAAA==

Hacker(Output): ybSUkcbFWzzPETln78eN2SBrRcHe6kRTJ5iFOkl40yyllUew6j

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import binascii
import socket
import base64
import zipfile
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def zip_to_file(base64_zip):
    zip_data = base64.b64decode(base64_zip)  # 解码由base64编码的压缩包文件

    zip_file = BytesIO(zip_data)

    with zipfile.ZipFile(zip_file, 'r') as zip_ref:  # 打开zip文件
        txt_file = zip_ref.namelist()[0]

        with zip_ref.open(txt_file) as txt_file:  # 读取文件内容
            text = txt_file.read().decode('utf-8')
    return text


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx19\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = zip_to_file(data3)
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx20

Codename: levelx20

Mission: In this mission you receive some of the first 50 words from the Rockyou dictionary in MD5. You must send which word the md5 corresponds to.

在这个任务中,您会收到 Rockyou 字典中以 MD5 表示的前 50 个单词。 您必须发送 MD5 对应的单词。

Example:

HMV(Input): f25a2fc72690b780b2a14e140ef6a9e0

Hacker(Output): iloveyou

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import binascii
import socket
import base64
import zipfile
import hashlib
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx20\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    with open(r'E:\dic\rockyou.txt', 'r', encoding='latin-1') as f:
        lines = [line.strip() for line in f.readlines()[:50]]
        print(lines)
        for i in lines:
            j = i
            md5_hash = hashlib.md5()
            md5_hash.update(i.encode())
            md5_hash_s = md5_hash.hexdigest()
            print(md5_hash_s)
            if md5_hash_s == data3:
                data3 = j
                break
        f.close()
    print(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx21

Codename: levelx21

Mission: In this mission you will receive a number and you must return what amount of KB that number corresponds to.

在这个任务中,您会收到一个数字,您必须返回该数字对应的 KB 数量。

Example:

HMV(Input): 52321

Hacker(Output): 51.09KB

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
import binascii
import socket
import base64
import zipfile
import hashlib
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def number_to_kb(number):
    kb_size = number / 1024
    return f"{kb_size:.2f}KB"


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx21\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = number_to_kb(int(data3))
    print(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx22

Codename: levelx22

Mission: In this mission you will receive a list of decimal numbers, you must return them converted into their value to ASCII.

在此任务中,您将收到一个十进制数字列表,您必须将其转换为 ASCII 数值并返回。

Example:

HMV(Input): 56 116 110 76 90 70 119 49 103 66

Hacker(Output): 8tnLZFw1gB

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import binascii
import socket
import base64
import zipfile
import hashlib
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def number_to_ascii(number):
    return ''.join(chr(int(num)) for num in number.split())


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx22\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = number_to_ascii(data3)
    print(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx23

Codename: levelx23

Mission: In this mission you will receive a 5x1 pixel png encoded in base64, you must read the last RGBA value of each pixel, convert it to ascii and return the result.

在此任务中,您将收到一个以 base64 编码的 5x1 像素 png,您必须读取每个像素的最后一个 RGBA 值,将其转换为 ascii 并返回结果。

Example:

HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAAUAAAABCAYAAAAW/mTzAAAAIklEQVR4nGJpk+BMd+Jkvbf n02/lr5f+c1U+5TwOCAAA//9bkgoL6P+/xQAAAABJRU5ErkJggg==

Hacker(Output): gEhr9

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
import binascii
import socket
import base64
import zipfile
import hashlib
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


# 把base64编码的图像转为PIL的图像对象
def base64_to_image(base64_string):
    image_data = base64.b64decode(base64_string)
    image = Image.open(BytesIO(image_data))
    return image


# 从图像中提取每个像素的最后一个RGBA值,并转换为ascii
def rgba_to_ascii(image):
    pixels = image.load()
    width, height = image.size

    ascill_str = ''
    for i in range(width):
        r, g, b, a = pixels[i, 0]  # 读取每个像素的RGBA值
        ascill_str += chr(a)  # 将Alpha值转换为ASCII字符并追加到字符串

    return ascill_str


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx23\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = base64_to_image(data3)
    print(data3)
    ddd = data3
    ddd = rgba_to_ascii(ddd)
    print('Envio reto')
    s.send(str(ddd).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx24

Codename: levelx24

Mission: In this mission you will receive a URL which you must visit, you must return the string found on the web.

在此任务中,您将收到一个必须访问的 URL,您必须返回在网络上找到的字符串。

Example:

HMV(Input): http://temperance.hackmyvm.eu:8090/uwu/3312

Hacker(Output): 4441514

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import binascii
import socket
import base64
import zipfile
import hashlib
import requests
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


# 从指定的URL访问网页并返回网页中的字符串内容
def get_str_url(url):
    try:
        response = requests.get(url)
        response.raise_for_status()  # 检查请求是否成功
        return response.text  # 返回网页内容
    except requests.exceptions.RequestException as e:
        return f"访问url时出错{e}"


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx24\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8')
    data3 = get_str_url(data3)
    print(data3)
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx25

Codename: levelx25

Mission: In this mission you will receive a URL which you must visit, you must return the value found in a header (HMV-Header).

在此任务中,您将收到一个必须访问的 URL,您必须返回在头信息 (HMV-Header) 中找到的值。

Example:

HMV(Input): http://temperance.hackmyvm.eu:8090/head/673

Hacker(Output): 917182

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
import binascii
import socket
import base64
import zipfile
import hashlib
import requests
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988



with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx25\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8').strip()
    repones = requests.get(data3)
    print(repones.headers)
    data3 = repones.headers.get('Hmv-Code')
    print(data3)
    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx26

Codename: levelx26

Mission: In this mission you will receive a png encoded in base64, you must decode it and send the number found in the image.

在这个任务中,您将收到一个以 base64 编码的 png,您必须对其进行解码并发送在图像中找到的数字。

Example:

HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAJYAAAAyCAYAAAC+jCIaAAABL0lEQVR4nOzYQU6zQBiA4fbPfxWX3v8gL j1MTRcmhBQ6VN5azPNs1BkzkvAGv/LvBAFhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRA Wif97H3h5f7vcWj9/fJ7nvzNd27K3dN6WvZHr5MVNb+LS91v27q1/r63tjZ7Fi1qL5TQYwdYYHglLVPtKZ6zrzXr2v5ZHnki/c Z1/3e4zVunWjHX9Ol+fzmlLe7SysPZ+CszPm/689nfuXYOnVeMwrxvcfIbnnNFPhXsN4aOfNPm5p89Y8xloZO/WbLT0rmp+5to ecDCHmbE4FmGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWia8AAAD//6oWtSXo+kn1AAAAAElFTkSuQmCC

Hacker(Output): 7006997

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import binascii
import socket
import base64
import zipfile
import hashlib
import requests
import pytesseract
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def decode_base64_image(base64_str):
    image_data = base64.b64decode(base64_str)
    image = Image.open(BytesIO(image_data))
    return image


def ex_from_image(image):
    digits = pytesseract.image_to_string(image, lang="eng")
    digits = ''.join(filter(str.isdigit, digits))
    return digits


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx26\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8').strip()
    data3 = decode_base64_image(data3)
    print(data3)
    sss = data3
    sss = ex_from_image(sss)

    print('Envio reto')
    s.send(str(sss).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx27

Codename: levelx27

Mission: In this mission you will receive a URL which you must visit, in the body of the URL there is data from a /etc/passwd file, you must return the UID of the proxy user.

在这个任务中,您将收到一个必须访问的 URL,在 URL 的正文中有来自 /etc/passwd 文件的数据,您必须返回代理用户的 UID。

Example:

HMV(Input): http://temperance.hackmyvm.eu:8090/cumment/3390/ HMV(Web Body): —SNIP— proxy:x:4735654:13:proxy:/bin:/usr/sbin/nologin —SNIP— ​​

Hacker(Output): 4735654

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import binascii
import socket
import base64
import zipfile
import hashlib
import requests
import pytesseract
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def get_uid_passwd(url):
    try:
        response = requests.get(url)  # 访问指定的 URL 并获取响应内容
        response.raise_for_status()  # 检查请求是否成功

        passwd_data = response.text
        # 查找代理用户的 UID
        for line in passwd_data.splitlines():
            field = line.split(':')
            if len(field) >= 3:
                username, uid = field[0], field[2]
                # 如果用户名是代理用户(通常以 "proxy" 开头),返回其 UID
                if username.startswith("proxy"):
                    return uid

        return "代理用户未找到"
    except requests.exceptions.RequestException as e:
        return f"访问时出错{e}"


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx27\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8').strip()
    data3 = get_uid_passwd(data3)
    print(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx28

Codename: levelx28

Mission: In this mission you receive a JWT token. You must decode it and send the value of the HMVKey. (Default key).

在这个任务中,您会收到一个 JWT 令牌。 您必须解码并发送 HMVKey 的值。 (默认密钥)。

Example:

HMV(Input): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJITVZLZXkiOiJVbHFlc0h0bHZIQVdEYVAifQ.65O1aZHiVaGep-QA0-LZRnWXcDF8bZT_E7BXvXaYMUI

Hacker(Output): UlqesHtlvHAWDaP

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
import binascii
import socket
import base64
import zipfile
import hashlib
import requests
import jwt
import json
import pytesseract
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988


def base64_url_decode(input):
    # 添加缺失的填充字符
    padding = '=' * ((4 - len(input) % 4) % 4)
    input = input + padding
    # 将Base64 URL编码转换为标准Base64编码
    input = input.replace('-', '+').replace('_', '/')
    # 解码Base64字符串
    return base64.b64decode(input)


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx28\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    data3 = data2.decode('utf-8').strip()
    data3 = [x for x in data3.split('.')]
    data3 = base64_url_decode(data3[1])
    data3 = data3.decode('utf-8')
    data3 = json.loads(data3)
    data3 = data3['HMVKey']
    print(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx29

Codename: levelx29

Mission: In this mission you receive 2 coordinates, you must calculate how many KM there are between them and return the result (with 3 decimal).

在这个任务中,您会收到 2 个坐标,您必须计算出它们之间有多少个 KM,并返回结果(小数点后 3 位)。

Example:

HMV(Input): Lat: 23 Lon: 21 - Lat: 25 Lon: 16

Hacker(Output): 554.830

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
import socket
import base64
import re
from geopy.distance import geodesic

HOST = "temperance.hackmyvm.eu"
PORT = 9988

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    print("Receiving Intro")
    data = s.recv(1024)
    print(data)
    s.send(b"levelx29")
    data2 = s.recv(1024)
    print(data2)
    data2 = data2.decode()
    pattern = r"Lat: (\d+) Lon: (\d+) - Lat: (\d+) Lon: (\d+)"
    matches = re.match(pattern, data2)
    if matches:
        coord1 = (int(matches.group(1)), int(matches.group(2)))
        coord2 = (int(matches.group(3)), int(matches.group(4)))
    distance = geodesic(coord1, coord2).kilometers
    formatted_distance = "{:.3f}".format(distance)
    s.send(formatted_distance.encode())
    data3 = s.recv(1024)
    print(data3)

levelx30

Codename: levelx30

Mission: In this mission we must use XOR and send the resulting string.(key=HMV)

在这个任务中,我们必须使用 XOR 并发送结果字符串。(键=HMV)

Example:

HMV(Input): <49#0,)’%;:!0.!, ,�”?!/

Hacker(Output): tyMafELksowokYfddVZjsswwxcwdDJMGsMKaENYVaLMJDjrRib

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import binascii
import socket
import base64
import zipfile
import hashlib
import requests
import jwt
import math
import json
import pytesseract
from PIL import Image
from io import BytesIO

HOST = "temperance.hackmyvm.eu"
PORT = 9988
KEY = "HVM"


def xor(data, key):
    key_len = len(key)
    return ''.join(chr(ord(data[i]) ^ ord(key[i % key_len])) for i in range(len(data)))


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # 建立socker连接
    s.connect((HOST, PORT))

    print('Receiving Intro')  # 接收信息
    data = s.recv(1024)
    print(data)

    s.send(b'levelx30\n')  # 发生选择的关卡,后续都是通过这个控制关卡

    print('Receiving challenge.')
    data2 = s.recv(1024)  # 接收数据,后续做一些处理
    print(data2)
    decode_data = data2.decode('utf-8').strip()
    data3 = xor(decode_data, KEY)
    print(data3)

    print('Envio reto')
    s.send(str(data3).encode('utf-8'))  # 处理后再发过去

    print('Recibo flag')
    data4 = s.recv(1024)  # 如果是对方期望的数据,会返回flag,用recv接收
    print(data4.decode('utf-8'))

levelx31

Codename: levelx31

Mission: In this mission you receive a png encoded in base64, you must decode it, read the QR code found inside and return the string that indicates the QR.

在此任务中,您会收到一个以 base64 编码的 png,您必须对其进行解码,读取里面的二维码 并返回指示 QR 的字符串。

Example:

HMV(Input):iVBORw0KGgoAAAANSUhEUgAAAGQAAABkEAAAAAAFGRbLAAABn0lEQVR4nOyazW7EMAiEm2rf/5W3J1+IED8mzXg033GbxhnhERjz+ X5/KPh9+wOmkBA0JAQNCUHjY3+4rt6LvHy03hf9fXc9mohICBo3jyyyNZi3x6037HP2/bvr0UREQtBwPbLw9mQ3b0ReqK63oImIhKARemSXyDNT0EREQtB 4zCPZGmwKmohICBqhR7p72Z5Dst7orkcTEQlBw/VIt9/kYT1jvbC7Hk1EJASNa7rm+a/zh4UmIhKChns/4vVsPdbzUX7o5g/1tU6DRkg6j0zt9YjoPsXLU zQRkRA02ueRqie8PZ69D4lqOJqISAga5VmU6kyJ54VqXlKtdRo0Qm4eiWoaS7ZPlX1vNn+p1kKHRsj2vFa1JvLY9Q5NRCQEjfG5324+6XpyQRMRCUFjfO4 3u/e7s42qtU6BRsj43K/9v6iflZ2dV1/rNGiEPDbTmO1nRbWY/d2DJiISgsbjc79RPvCeq575aSIiIWiMz/1m+1LReaP6HTQRkRA0xud+s3eJ1fyi88hp0 AgZn/t9C5qISAgaEoKGhKDxFwAA//9Pk6bevZKZBwAAAABJRU5ErkJggg==

Hacker(Output): xfZfsIM

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import socket
import base64
from PIL import Image
from io import BytesIO
from pyzbar.pyzbar import decode

HOST = "temperance.hackmyvm.eu"
PORT = 9988


# 将base64字符串解码为图片并返回二维码中的信息
def decode_qr_from_base64(b64_string):
    # 解码base64字符串为字节
    image_data = base64.b64decode(b64_string)
    # 创建一个字节流并打开图像
    image = Image.open(BytesIO(image_data))
    # 使用pyzbar库解码二维码
    qr_codes = decode(image)

    # 返回二维码中的数据
    if qr_codes:
        return qr_codes[0].data.decode('utf-8')
    else:
        return "QR码未找到"


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))

    print('Receiving Intro')
    data = s.recv(1024)
    print(data)

    s.send(b'levelx31\n')  # 选择关卡

    print('Receiving base64 encoded PNG')
    data2 = s.recv(1024)  # 接收base64编码的PNG图像
    print(data2)

    # 将接收的数据解码并读取二维码
    decoded_qr_string = decode_qr_from_base64(data2.decode('utf-8'))
    print(f"Decoded QR String: {decoded_qr_string}")

    print('Sending result')
    s.send(decoded_qr_string.encode('utf-8'))  # 发送解码的QR字符串

    print('Receiving flag')
    data3 = s.recv(1024)  # 接收返回的flag
    print(data3.decode('utf-8'))

levelx32

Codename: levelx32

Mission: In this mission you receive an md5 and a string. You must permute the string until it matches md5 and return the string.

在这个任务中,您会收到一个 md5 和一个字符串。 您必须对字符串进行置换,直到与 md5 匹配为止,然后返回字符串。

Example:

HMV(Input): c142e7e8b1d42f4d6f36dfa760174b3a KOSltuvxy

Hacker(Output): OSylutxKv

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import hashlib
import itertools
import socket

HOST = "temperance.hackmyvm.eu"
PORT = 9988


# 计算一个字符串的 MD5 哈希
def md5_hash(s):
    return hashlib.md5(s.encode('utf-8')).hexdigest()


# 找到与给定 MD5 匹配的字符串排列
def find_permutation_matching_md5(md5_hash_value, original_string):
    # 生成字符串的所有排列
    for perm in itertools.permutations(original_string):
        perm_str = ''.join(perm)
        # 计算该排列的 MD5 并进行匹配
        if md5_hash(perm_str) == md5_hash_value:
            return perm_str
    return None  # 如果未找到匹配


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))

    print('Receiving Intro')
    data = s.recv(1024)
    print(data)

    s.send(b'levelx32\n')  # 选择关卡

    print('Receiving md5 hash and string')
    data2 = s.recv(1024).decode('utf-8')  # 接收MD5和字符串
    print(f"Received: {data2}")

    # 假设收到的数据格式为: md5_hash_value:string
    md5_hash_value, original_string = data2.split()

    # 找到与给定MD5匹配的字符串排列
    matching_string = find_permutation_matching_md5(md5_hash_value, original_string)
    if matching_string:
        print(f"Found matching string: {matching_string}")
        s.send(matching_string.encode('utf-8'))  # 发送匹配的字符串
    else:
        print("No matching permutation found")

    print('Receiving flag')
    data3 = s.recv(1024)  # 接收返回的flag
    print(data3.decode('utf-8'))
#HackMyVM
Chapter 3: Temperance
https://www.mrdang.icu/2024/09/10/Chapter-3-Temperance/
作者
Mr.Dang
发布于
2024年9月10日
许可协议